linux/include
Kees Cook 313dd1b629 gcc-plugins: Add the randstruct plugin
This randstruct plugin is modified from Brad Spengler/PaX Team's code
in the last public patch of grsecurity/PaX based on my understanding
of the code. Changes or omissions from the original code are mine and
don't reflect the original grsecurity/PaX code.

The randstruct GCC plugin randomizes the layout of selected structures
at compile time, as a probabilistic defense against attacks that need to
know the layout of structures within the kernel. This is most useful for
"in-house" kernel builds where neither the randomization seed nor other
build artifacts are made available to an attacker. While less useful for
distribution kernels (where the randomization seed must be exposed for
third party kernel module builds), it still has some value there since now
all kernel builds would need to be tracked by an attacker.

In more performance sensitive scenarios, GCC_PLUGIN_RANDSTRUCT_PERFORMANCE
can be selected to make a best effort to restrict randomization to
cacheline-sized groups of elements, and will not randomize bitfields. This
comes at the cost of reduced randomization.

Two annotations are defined,__randomize_layout and __no_randomize_layout,
which respectively tell the plugin to either randomize or not to
randomize instances of the struct in question. Follow-on patches enable
the auto-detection logic for selecting structures for randomization
that contain only function pointers. It is disabled here to assist with
bisection.

Since any randomized structs must be initialized using designated
initializers, __randomize_layout includes the __designated_init annotation
even when the plugin is disabled so that all builds will require
the needed initialization. (With the plugin enabled, annotations for
automatically chosen structures are marked as well.)

The main differences between this implemenation and grsecurity are:
- disable automatic struct selection (to be enabled in follow-up patch)
- add designated_init attribute at runtime and for manual marking
- clarify debugging output to differentiate bad cast warnings
- add whitelisting infrastructure
- support gcc 7's DECL_ALIGN and DECL_MODE changes (Laura Abbott)
- raise minimum required GCC version to 4.7

Earlier versions of this patch series were ported by Michael Leibowitz.

Signed-off-by: Kees Cook <keescook@chromium.org>
2017-06-22 16:15:45 -07:00
..
acpi More ACPI updates for v4.12-rc1 2017-05-10 09:35:42 -07:00
asm-generic Kbuild UAPI header export updates for v4.12 2017-05-10 20:45:36 -07:00
clocksource clocksource: arm_arch_timer: add structs to describe MMIO timer 2017-04-19 16:11:48 +01:00
crypto Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2017-05-03 08:50:52 -07:00
drm mm, vmalloc: use __GFP_HIGHMEM implicitly 2017-05-08 17:15:13 -07:00
dt-bindings Sort of on the quieter side this time, which is probably due more 2017-05-10 13:38:18 -07:00
keys
kvm KVM: arm/arm64: Fix bug when registering redist iodevs 2017-05-18 11:18:12 +02:00
linux gcc-plugins: Add the randstruct plugin 2017-06-22 16:15:45 -07:00
math-emu
media [media] cec.h: merge cec-edid.h into cec.h 2017-04-19 06:53:18 -03:00
memory
misc
net net: x25: fix one potential use-after-free issue 2017-05-18 10:05:40 -04:00
pcmcia
ras
rdma smc_diag.h: fix include from userland 2017-05-11 00:18:39 +09:00
rxrpc
scsi Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2017-05-12 11:44:13 -07:00
soc powerpc updates for 4.12 part 2 2017-05-12 10:04:09 -07:00
sound ASoC: Updates for v4.12 2017-05-02 08:25:25 +02:00
target target/user: PGR Support 2017-05-01 22:21:45 -07:00
trace Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux 2017-05-12 11:58:45 -07:00
uapi USB fixes for 4.12-rc2 2017-05-20 08:52:34 -07:00
video uapi: export all headers under uapi directories 2017-05-11 00:21:54 +09:00
xen xen: Implement EFI reset_system callback 2017-05-02 12:06:50 +02:00